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DETAILED ACTION 

1 . Claims 1 and 3-27 are pending in this office action, claim 2 is canceled. 

2. Applicant's arguments, filed June 9, 2005, have been considered but they are not 
persuasive. 

Rejections 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claim Rejections - 35 USC § 103 

4. Claims 24. 25. and 27 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Urata (U.S. Patent No. 6,799,272) in view of Kawan (U.S. Patent No. 
6,289,324). 

Regarding claim 24 . Urata teaches a method of preventing counterfeiting of a 
smart card, comprising: 

• Providing a smart card such that none of confidential information and a 

cryptographic key for authorizing the smart card, is carried on the smart card (col. 
2, lines 32-52); 


Application/Control Number: 09/685,026 Page 3 

Art Unit: 2136 

• Reading said card by a reader such that in each reading, said reader reads only 
a predetermined small amount of information which makes the card unique (col. 
2, lines 32-52). 

Urata does not specifically teach a reader for the smart card, but an 
authentication center that receives the data over a communication system. 

Kawan teaches a reader for the smart card (fig. 2, ref. num 21 0). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a smart card reader, as taught by Kawan , with the 
method of Urata . It would have been obvious for such modifications because a smart 
card reader provides the interfacing means for accessing the information on the smart 
card. 

Regarding claim 25 , the combination of Urata as modified by Kawan teaches 
wherein an entire process of said method is performable off-line (see col. 5, lines 47-59 
of Kawan). 


Regarding claim 27 , Urata teaches a method/computer readable medium for 
preventing counterfeiting and cloning of smart cards, comprising: 
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• Providing a smart card with a cryptographic structure for authorizing the smart 
card which cannot be accessed completely by a predetermined small number of 
readings (col. 2, lines 32-52). 

Urata does not teach wherein said cryptographic structure can be built only by 
whoever emits the card or an agent thereof. 

Kawan teaches wherein said cryptographic structure can be built only by 
whoever emits the card or an agent thereof (col. 9, lines 36-43). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine wherein said cryptographic structure can be built only 
by whoever emits the card or an agent thereof, as taught by Kawan , with the method of 
Urata . It would have been obvious for such modifications because keeping the 
cryptographic structure secret to only those who emit the card prevents someone from 
counterfeiting a smart card (see col. 9, lines 36-40 of Kawan). 

Claims 1. 3-7, 9-14, 23, and 26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Urata (USPN '272) in view of Kawan (USPN '324), and further in 
view of Perlman et al. (U.S. Patent No. 5,261 ,002). 
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Regarding claim 1 , Urata teaches a method/computer readable medium for 
preventing counterfeiting and cloning of smart cards, comprising: 

• Providing a smart card with a cryptographic structure for authorizing the smart 
card which cannot be accessed completely by a predetermined small number of 
readings (col. 2, lines 32-52). 

Urata does not teach wherein said cryptographic structure can be built only by 
whoever emits the card or an agent thereof or providing a reader for reading said smart 
card. 

Kawan teaches wherein said cryptographic structure can be built only by 
whoever emits the card or an agent thereof (col. 9, lines 36-43), and providing a reader 
for reading said smart card (fig. 2, ref. num 210). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine wherein said cryptographic structure can be built only 
by whoever emits the card or an agent thereof, as taught by Kawan , with the method of 
Urata . It would have been obvious for such modifications because keeping the 
cryptographic structure secret to only those who emit the card prevents someone from 
counterfeiting a smart card (see col. 9, lines 36-40 of Kawan). 


Application/Control Number: 09/685,026 Page 6 

Art Unit: 2136 

The combination of Urata as modified by Kawan still does not teach including a 
database holding information related to unauthorized smart cards, said reader being 
on-line, such that said reader is operatively connected to a network, only when said 
database of said reader is being updated by said network. 

Perlman et al. teaches including a database holding information related to 
unauthorized smart cards, said reader being on-line, such that said reader is operatively 
connected to a network, only when said database of said reader is being updated by 
said network (col. 3, lines 38-40, col. 6, lines 37-39, and fig. 1, ref. num 24-30). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a reader including a database of unauthorized smart 
cards, said reader being online and connected to a network only when said reader is 
being updated, as taught by Perlman et al. . with the system of Urata/Kawan . It would 
have been obvious for such modifications because the off-line version of the blacklist 
provides a listing of all users who are intruders; the periodic updating allows a newer list 
of intruders to be known. 

Regarding claim 3 , the combination of Urata as modified by Kawan/Perlman et 
aL teaches wherein an entire process of said method is performable off-line (see col. 5, 
lines 47-59 of Kawan). 
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Regarding claim 4 . the combination of Urata as modified by Kawan/Perlman et 
aj. teaches wherein said smart card carries thereon predetermined N channels as C1 , 

C2, .... CN, where N is an integer, wherein each channel Ci, with i equal to 1, 2 N, 

carries a pair of numbers (hi, li), and wherein hi is the i th high number and li is the i th low 
number (see col. 2, lines 32-52 and fig. 1, ref. num 106, 128, and 142 of Urata). 

Regarding claim 5 . the combination of Urata as modified by Kawan/Perlman et 
aL teaches further comprising using public key cryptography with associated encoding 
and decoding functions Vi and Vi" 1 in each channel i, wherein each function Vi" 1 is 
known publicly, and Vi is known only to a predetermined party representing an owner of 
the smart card (see page 6, lines 1-5 of applicants disclosure, applicant submits this 
information is well known as taught by Menezes et al.). 

Regarding claim 6 . the combination of Urata as modified by Kawan/Perlman et 
aL teaches wherein for each i in 1 , 2, ... , N, the pair (hi, li) is such that hi = Vi(li), or hi = 
Vi(K(li)), where K represents a publicly-known cryptographic hash function, and wherein 
each li contains a plurality of symbols for redundancy (see page 6, lines 6-8 of 
applicants disclosure, applicant submits this information is well known as taught by 
Menezes et al.). 

Regarding claim 7 , the combination of Urata as modified by Kawan/Perlman et 
al teaches further comprising processing, using an invertible function f which is made 
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public, such that the low numbers in said smart card satisfy l(i+j) = f^li), where f* 
represents the j th iteration of the function f (see col. 5, line 48 through col. 6, line 25 of 
Urata). 

Regarding claim 9 , the combination of Urata as modified by Kawan/Perlman et 
aL teaches wherein a reader obtains a content of only two of said channels (see col. 2, 
lines 37-47 of Urata). 

Regarding claim 10 , the combination of Urata as modified by Kawan/Perlman et 
aL teaches further comprising periodically communicating, by a reader of said smart 
card, with a database where a predetermined characteristic of the card is checked (see 
col. 3, lines 38-40 and fig. 1, ref. num 16-18 of Perlman et aL). 

Regarding claim 1 1 , the combination of Urata as modified by Kawan/Perlman et 
aL teaches wherein the predetermined characteristic comprises whether a smart card 
has delivered more than a predetermined amount of money to a user of the smart card 
(see col. 7, lines 21-23 of Perlman et aL). 

Regarding claim 12 , the combination of Urata as modified by Kawan/Perlman et 
aL teaches wherein if a card is detected as delivering too much money, the database 
communicates a corresponding number 11 to all readers in a network, so that smart 
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cards carrying said corresponding number are declined (see col. 7, lines 14-26 of 
Perlman et al.). 

Regarding claim 13 . the combination of Urata as modified by Kawan/Perlman et 
aL teaches wherein said cryptographic structure is changed periodically (see col. 6, 
lines 33-42 of Urata). 

Regarding claim 14 . the combination of Urata as modified by Kawan/Perlman et 
aL teaches wherein said smartcard is invalidated after a predetermined time of usage 
(see fig. 2, ref. num 42 of Perlman et al.). 

Regarding claim 23 . the combination of Urata as modified by Kawan/Perlman et 
aL teaches further comprising performing a final validation of the smart card by at least 
one of: 

• Contacting a central database if an entire transaction is made on-line with no 
penalty (see col. 6, lines 37-39 of Perlman et aL); and 
Checking with a local database in a reader, said local database being refreshed 
periodically by contact between said local database and said central database 
(see col. 3, lines 38-40 and fig. 1, ref. num 24-30 of Perlman et aL). 


Regarding claim 26 . Urata teaches a system for preventing cloning of a smart 
card, comprising: 
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• A smart card such that a cryptographic structure for authorizing the smart card is 
not carried on the smart card (col. 2, lines 32-52). 

Urata does not teach a reader for reading the smart card and including a 
database for linking to a network and being updated periodically with a list of 
unauthorized smart cards, wherein said cryptographic structure is kept secret by - 
whoever emits the card or an agent thereof, 

Kawan teaches wherein said cryptographic structure is kept secret by whoever 
emits the card or an agent thereof (col. 9, lines 36-43). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine wherein said cryptographic structure can be built only 
by whoever emits the card or an agent thereof, as taught by Kawan , with the system of 
Urata . It would have been obvious for such modifications because keeping the 
cryptographic structure secret to only those who emit the card prevents someone from 
counterfeiting a smart card (see col. 9, lines 36-40 of Kawan). 

The combination of Urata as modified by Kawan still does not teach a reader for 
reading the smart card and including a database for linking to a network and being 
updated periodically with a list of unauthorized smart cards. 
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Perlman et al. teaches a reader for reading the smart card and including a 
database for linking to a network and being updated periodically with a list of 

unauthorized smart cards (col. 3, lines 38-40, col. 6, lines 37-39, and fig. 1, ref. num 24- 
30). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a reader for reading the smart card and including a 
database for linking to a network and being updated periodically with a list of 
unauthorized smart cards, as taught by Perlman et al. , with the system of Urata/Kawan . 
It would have been obvious for such modifications because the off-line version of the 
blacklist provides a listing of all users who are intruders; the periodic updating allows a 
newer list of intruders to be known. 

Claims 8 and 15-22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Urata (USPN '272) in view of Kawan (USPN '324) and Perlman et al. (USPN '002), 
and further in view of Schneier, "Applied Cryptography: Protocols, Algorithms, and 
Source Code in C," Second Edition, pps. 466-474 (hereinafter Schneier). 

Regarding claim 8 , the combination of Urata as modified by Kawan/Perlman et 
aL teaches all the limitations of claims 1 , 4, 5, and 6, above. However, the combination 
of Urata as modified by Kawan/Perlman et al. does not teach wherein a reader includes 
a random number generator, which, when a card is read, chooses a pair (a, b) of 
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distinct numbers with a < b between 1 and N, wherein before processing the smart card, 
the reader obtains the pair (ha, la) and hb, and using the public keys Va- 1 and Vb- 1 , 
checking by the reader whether the pairs (ha, la) and (hb, lb) are compatible, and, 
consequently, that the numbers ha, la, and hb belong to a same legitimate card. 

Schneier teaches: 

• Wherein a reader includes a random number generator, which, when a card is 
read, chooses a pair (a, b) of distinct numbers with a < b between 1 and N, 
wherein before processing the smart card, the reader obtains the pair (ha, la) and 
hb (a step of an RSA algorithm, choose two prime numbers, page 467); 

• Using the public keys Va- 1 and Vb- 1 , checking by the reader whether the pairs 
(ha, la) and (hb, lb) are compatible, and, consequently, that the numbers ha, la, 
and hb belong to a same legitimate card (a step of an RSA algorithm, page 467). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine generating a random number in the reader, choose a 
pair of distinct numbers, and using the public keys to check the compatibility of the 
smart card, as taught by Schneier , with the method of Urata/Kawan/Perlman et al. It 
would have been obvious for such modifications because these limitations verify a 
proper smart card based on the key checking, known as a digital signature. 
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Regarding claim 15 , the combination of Urate as modified by Kawan/Perlman et 
al./Schneier teaches wherein said pairs (hi, li) to be contained on the smart card are 
generated by: 

• Choosing a prefix of 11 once for all transactions, or changed whenever needed, 
wherein said prefix is publicly known (a step of an RSA algorithm, see page 467 
of Schneier); and 

• Providing a sequence, such that the sequence is generated so that a same 
number is not chosen twice, and so that corresponding other li's are not chosen 
as new 11s (a step of an RSA algorithm, see page 467 of Schneier). 

Regarding claim 16 , the combination of Urata as modified by Kawan/Perlman et 
al./Schneier teaches further comprising: 

• Concatenating the prefix and the sequence to form 11 (a step of an RSA 
algorithm, forming the product of two primes, see page 467 of Schneier); and 

• Choosing a function f which is invertible and is publicly known, to construct 12 = 
f(H), 13 f(l2), and so forth (a step of an RSA algorithm, use Euclidean algorithm 
on two primes, see page 467 of Schneier). 


Regarding claim 17 , the combination of Urata as modified by Kawan/Perlman et 
al./Schneier teaches wherein the function f is chosen to be the identity map, in which 
case 11 = 12 = 13 = ... =IN (a step of an RSA algorithm, where the message is encrypted 
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in blocks, where the same encryption method is used for each block, see page 467 of 
Schneier). 

Regarding claim 18 , the combination of Urata as modified by Kawan/Perlman et 
al./Schneier teaches choosing, for a number N, N public key-private key pairs, such that 
a first private key V1 is for computing hi = V1 (11 ), a second private key V2 is for 
computing h2 = V2(I2), and so on (a step of an RSA algorithm, where the message is 
encrypted in blocks, see page 467 of Schneier). 

Regarding claim 19 , the combination of Urata as modified by Kawan/Perlman et 
al./Schneier teaches further comprising: 

• Verifying whether the smart card is authentic (digital signature of an RSA 
algorithm, see page 473 of Schneier); and 

• Checking whether the smart card is not in a list of cards to be refused (see col. 6, 
lines 37-39 of Perlman et al.). 

Regarding claim 20 , the combination of Urata as modified by Kawan/Perlman et 
aL teaches all the limitations of claim 1 , above. However, the combination of Urata as 
modified by Kawan/Perlman et al. does not teach wherein, when the smart card is read 
by a reader, a random generator is prompted which provides two integer numbers, a 
and b, which are not between 1 and N, with a < b. 
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Schneier teaches wherein, when the smart card is read by a reader, a random 
generator is prompted which provides two integer numbers, a and b, which are not 
between 1 and N, with a < b (a step of an RSA algorithm, see page 467). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine generating a random number when the smart card is 
read, the random numbers are a and b, with a < b, as taught by Schneier . with the 
method of Urata/Kawan/Perlman et al. It would have been obvious for such 
modifications because these limitations select a public key of the reader for use in a 
public key algorithm. The public key can then be used to encrypt data so that only the 
intended recipient can decrypt the data. 

Regarding claim 21 . the combination of Urata as modified by Kawan/Perlman et 
al./Schneier teaches wherein said numbers a, b are transmitted to the smart card which 
delivers two high numbers ha, hb, and a low number la in a channel a, and wherein the 
pair (a, b), together with a function f in a memory in the reader, are used to compute the 
low number lb=f (b " a) (la), said memory in said reader delivering public keys Va' 1 and Vb* 1 
(a step of an RSA algorithm, see page 467 of Schneier). 

Regarding claim 22 . the combination of Urata as modified by Kawan/Perlman et 
al./Schneier teaches wherein the public keys are used by a comparator together with 
the pairs (ha, la) and (hb, lb), to verify that the pairs are compatible with the 
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corresponding keys, and that the pairs are from a same legitimate card (a step of an 
RSA algorithm, see page 467 of Schneier). 

Response to Arguments 

5. Applicant argues that the combination of references would not have arrived at the 
claimed invention and that Perlman et al. does not teach or disclose "providing a smart 
card" and "providing a reader for reading said smart card and including a database 
holding information related to unauthorized smart cards." (See page 16, third full 
paragraph, page 17, first paragraph, and page 18, first full paragraph). 

Regarding applicant's argument, examiner disagrees with applicant. Examiner 
wants to point out that Kawan was cited as disclosing a smart card reader (fig. 2, ref. 
num 210), not Perlman et al. The non-final office action (and the current rejection) 
points out the fact that Kawan discloses the smart card reader. Perlman et al. was 
added for further showing the feature of blacklists and periodic updates. Applicant has 
amended independent claim 1 to incorporate the limitations of a database holding 
information related to unauthorized smart cards. 

Prior to this amendment, the claim simply stated "providing a smart card with a 
cryptographic structure for authorizing the smart card which cannot be accessed 
completely by a predetermined small number of readings" and "said cryptographic 
structure can be built only by whoever emits the card or an agent thereof." 
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The first limitation was clearly taught by Urata to contain a smart card that 
contains a cryptographic structure for authorizing wherein the structure cannot be 
accessed completely by a small number of readings (see col. 2, lines 32-52 of Urata). 
This passage shows a key code index being contained in the smart card. This key code 
index cannot be completely accessed by a small number of readings and clearly does 
not contain any confidential information, as recited in other embodiments of the 
independent claims. Figure 1 of Urata shows the key code index with its many entries. 

The second limitation was clearly taught by Kawan to disclose the cryptographic 
structure can be built only by whoever emits the card or an agent thereof (see col. 9, 
lines 36-43 of Kawan). The passage clearly states that smart cards can be impervious 
to counterfeiting as long as the keys (or cryptographic structure) are known only to the 
issuer of the smart card and the entity supporting the ATM and merchant terminal 
system. This passage gives way to a motivation to make sure that no one, except for 
the agent of the card, may build the cryptographic structure - whether it be a set of keys 
as proposed in Kawan, or a key code index as proposed by Urata. 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this office action. Accordingly, THIS ACTION IS MADE FINAL. Applicant is reminded 
of the extension of time policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
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TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 
272-3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-21 7-91 97 (toll-free). 
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